constitution-compliance-review

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.90). The skill instructs the agent to read arbitrary files and "quote the actual text" of rule-heavy sections verbatim (with no guidance to redact or avoid secrets), so if those files contain API keys/passwords the model would output them directly, creating a high exfiltration risk.